Talos Vulnerability Report

TALOS-2017-0324

PowerISO ISO Parsing Use After Free

May 5, 2017

CVE Number

CVE-2017-2823

Summary

A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can trigger the vulnerability, potentially resulting in code execution. An attacker can send a specific .ISO file to trigger this vulnerability.

Tested Versions

PowerISO 6.8 (6, 8, 0, 0)

Product URLs

http://poweriso.com

CVSSv3 Score

8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

This vulnerability can be triggered by providing a specially crafted .ISO file and opening it with PowerISO software.

The instruction at 0x0001BD5A loads a pointer into the EAX register from a memory region that has already been freed at this point. After a multiplication at 0x0001BD75, this pointer is later used as an operand of the call instruction at 0x0001BD7A.

The use of previously-freed memory can have any number of adverse consequences, ranging from the corruption of valid data to the execution of arbitrary code, depending on the instantiation and timing of the flaw. The simplest way data corruption may occur involves the system's reuse of the freed memory.
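
As an added illustration (not code from PowerISO or from this report), the C sketch below models the pattern described above, where a value read from a heap object is scaled and then drives an indirect call, and shows two defensive measures: clearing the owning pointer on free and bounding the value before the call. All names are hypothetical, and treating the multiplied value as a handler-table index is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names throughout; this models the defect class, not PowerISO's code. */
typedef int (*handler_fn)(void);

static int handle_file(void) { return 1; }
static int handle_dir(void)  { return 2; }
static handler_fn handlers[] = { handle_file, handle_dir };
#define HANDLER_COUNT (sizeof handlers / sizeof handlers[0])

struct record { size_t kind; };            /* heap object holding the dispatch index */
struct parser { struct record *cur; };     /* single owner of the record */

/* Allocate a record; returns 0 on success. */
int parser_load(struct parser *p, size_t kind) {
    p->cur = malloc(sizeof *p->cur);
    if (p->cur == NULL) return -1;
    p->cur->kind = kind;
    return 0;
}

/* Free through the owner and clear the only reference, so no dangling
 * pointer survives. The unsafe form is a bare free(p->cur) that leaves
 * p->cur pointing at released memory. */
void parser_release(struct parser *p) {
    free(p->cur);
    p->cur = NULL;
}

/* Indirect call driven by heap data. Returns -1 instead of calling when the
 * record is gone or the index falls outside the table. */
int parser_dispatch(const struct parser *p) {
    if (p->cur == NULL) return -1;             /* record already released */
    size_t kind = p->cur->kind;
    if (kind >= HANDLER_COUNT) return -1;      /* untrusted index: bound it */
    return handlers[kind]();                   /* index is scaled by pointer size */
}

int main(void) {
    struct parser p = { NULL };
    if (parser_load(&p, 1) != 0) return 1;
    printf("live record: %d\n", parser_dispatch(&p));
    parser_release(&p);
    printf("after release: %d\n", parser_dispatch(&p));
    return 0;
}
```

Clearing the pointer only helps when a single reference exists; code that keeps several aliases to the same allocation needs an ownership scheme (for example reference counting) so that no copy outlives the free.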